[14193] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: smurf

daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Mon Dec 8 15:05:23 1997

Date: Mon, 8 Dec 1997 13:51:26 -0500
From: "Alec H. Peterson" <ahp@hilander.com>
To: Wayne Bouchard <web@typo.org>
Cc: nanog@merit.edu
In-Reply-To: <199712081839.LAA04608@typo.org>; from Wayne Bouchard on Mon, Dec 08, 1997 at 11:39:45AM -0700

On Mon, Dec 08, 1997 at 11:39:45AM -0700, Wayne Bouchard wrote:
>
> Since so far 6 people misunderstood this, I *meant* those networks
> that don't need to permit it, should consider filtering inbound ICMP
> echo request packets. (And, hence, blocking the spoofed packet from
> causing an ICMP echo reply flood.)

I personally don't see why this would be preferable to just putting no
ip directed-broadcast on all relavent interfaces.

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson - ahp@hilander.com    | Erols Internet, INC.                 |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14193] in North American Network Operators' Group

Re: smurf

daemon@ATHENA.MIT.EDU (Alec H. Peterson)Mon Dec 8 15:05:23 1997

daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Mon Dec 8 15:05:23 1997